search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()
[Samba.git] / auth / credentials / tests / test_creds.c
blobfa8755e0a409c4885cfec735d86b11231292287a
1 /*
2 * Unix SMB/CIFS implementation.
3 *
4 * Copyright (C) 2018-2019 Andreas Schneider <asn@samba.org>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <stdarg.h>
21 #include <stddef.h>
22 #include <stdint.h>
23 #include <setjmp.h>
24 #include <cmocka.h>
25
26 #include "lib/replace/replace.h"
27 #include "auth/credentials/credentials.c"
28
29 static int setup_talloc_context(void **state)
30 {
31 TALLOC_CTX *frame = talloc_stackframe();
32
33 *state = frame;
34 return 0;
35 }
36
37 static int teardown_talloc_context(void **state)
38 {
39 TALLOC_CTX *frame = *state;
40 TALLOC_FREE(frame);
41 return 0;
42 }
43
44 static void torture_creds_init(void **state)
45 {
46 TALLOC_CTX *mem_ctx = *state;
47 struct cli_credentials *creds = NULL;
48 const char *username = NULL;
49 const char *domain = NULL;
50 const char *password = NULL;
51 enum credentials_obtained dom_obtained = CRED_UNINITIALISED;
52 enum credentials_obtained usr_obtained = CRED_UNINITIALISED;
53 enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
54 bool ok;
55
56 creds = cli_credentials_init(mem_ctx);
57 assert_non_null(creds);
58 assert_null(creds->username);
59 assert_int_equal(creds->username_obtained, CRED_UNINITIALISED);
60
61 domain = cli_credentials_get_domain(creds);
62 assert_null(domain);
63 ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED);
64 assert_true(ok);
65 assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
66 domain = cli_credentials_get_domain(creds);
67 assert_string_equal(domain, "WURST");
68
69 domain = cli_credentials_get_domain_and_obtained(creds,
70 &dom_obtained);
71 assert_int_equal(dom_obtained, CRED_SPECIFIED);
72 assert_string_equal(domain, "WURST");
73
74 username = cli_credentials_get_username(creds);
75 assert_null(username);
76 ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
77 assert_true(ok);
78 assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
79 username = cli_credentials_get_username(creds);
80 assert_string_equal(username, "brot");
81
82 username = cli_credentials_get_username_and_obtained(creds,
83 &usr_obtained);
84 assert_int_equal(usr_obtained, CRED_SPECIFIED);
85 assert_string_equal(username, "brot");
86
87 password = cli_credentials_get_password(creds);
88 assert_null(password);
89 ok = cli_credentials_set_password(creds, "SECRET", CRED_SPECIFIED);
90 assert_true(ok);
91 assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
92 password = cli_credentials_get_password(creds);
93 assert_string_equal(password, "SECRET");
94
95 password = cli_credentials_get_password_and_obtained(creds,
96 &pwd_obtained);
97 assert_int_equal(pwd_obtained, CRED_SPECIFIED);
98 assert_string_equal(password, "SECRET");
99
100 /* Run dump to check it works */
101 cli_credentials_dump(creds);
102 }
103
104 static void torture_creds_init_anonymous(void **state)
105 {
106 TALLOC_CTX *mem_ctx = *state;
107 struct cli_credentials *creds = NULL;
108
109 creds = cli_credentials_init_anon(mem_ctx);
110 assert_non_null(creds);
111
112 assert_string_equal(creds->domain, "");
113 assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
114
115 assert_string_equal(creds->username, "");
116 assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
117
118 assert_null(creds->password);
119 assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
120 }
121
122 static void torture_creds_guess(void **state)
123 {
124 TALLOC_CTX *mem_ctx = *state;
125 struct cli_credentials *creds = NULL;
126 const char *env_user = getenv("USER");
127 bool ok;
128
129 creds = cli_credentials_init(mem_ctx);
130 assert_non_null(creds);
131
132 setenv("PASSWD", "SECRET", 1);
133 ok = cli_credentials_guess(creds, NULL);
134 assert_true(ok);
135
136 assert_string_equal(creds->username, env_user);
137 assert_int_equal(creds->username_obtained, CRED_GUESS_ENV);
138
139 assert_string_equal(creds->password, "SECRET");
140 assert_int_equal(creds->password_obtained, CRED_GUESS_ENV);
141 unsetenv("PASSWD");
142 }
143
144 static void torture_creds_anon_guess(void **state)
145 {
146 TALLOC_CTX *mem_ctx = *state;
147 struct cli_credentials *creds = NULL;
148 bool ok;
149
150 creds = cli_credentials_init_anon(mem_ctx);
151 assert_non_null(creds);
152
153 setenv("PASSWD", "SECRET", 1);
154 ok = cli_credentials_guess(creds, NULL);
155 assert_true(ok);
156
157 assert_string_equal(creds->username, "");
158 assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
159
160 assert_null(creds->password);
161 assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
162 unsetenv("PASSWD");
163 }
164
165 static void torture_creds_parse_string(void **state)
166 {
167 TALLOC_CTX *mem_ctx = *state;
168 struct cli_credentials *creds = NULL;
169 enum credentials_obtained princ_obtained = CRED_UNINITIALISED;
170 enum credentials_obtained usr_obtained = CRED_UNINITIALISED;
171 enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
172
173 creds = cli_credentials_init(mem_ctx);
174 assert_non_null(creds);
175
176 /* Anonymous */
177 cli_credentials_parse_string(creds, "%", CRED_SPECIFIED);
178
179 assert_string_equal(creds->domain, "");
180 assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
181
182 assert_string_equal(creds->username, "");
183 assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
184
185 assert_null(creds->password);
186 assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
187
188 /* Username + password */
189 cli_credentials_parse_string(creds, "wurst%BROT", CRED_SPECIFIED);
190
191 assert_string_equal(creds->domain, "");
192 assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
193
194 assert_string_equal(creds->username, "wurst");
195 assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
196
197 assert_string_equal(creds->password, "BROT");
198 assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
199
200 /* Domain + username + password */
201 cli_credentials_parse_string(creds, "XXL\\wurst%BROT", CRED_SPECIFIED);
202
203 assert_string_equal(creds->domain, "XXL");
204 assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
205
206 assert_string_equal(creds->username, "wurst");
207 assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
208
209 assert_string_equal(creds->password, "BROT");
210 assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
211
212 /* Principal */
213 cli_credentials_parse_string(creds, "wurst@brot.realm", CRED_SPECIFIED);
214
215 assert_string_equal(creds->domain, "");
216 assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
217
218 assert_string_equal(creds->username, "wurst@brot.realm");
219 usr_obtained = cli_credentials_get_username_obtained(creds);
220 assert_int_equal(usr_obtained, CRED_SPECIFIED);
221
222 assert_string_equal(creds->principal, "wurst@brot.realm");
223 princ_obtained = cli_credentials_get_principal_obtained(creds);
224 assert_int_equal(princ_obtained, CRED_SPECIFIED);
225
226 assert_string_equal(creds->password, "BROT");
227 pwd_obtained = cli_credentials_get_password_obtained(creds);
228 assert_int_equal(pwd_obtained, CRED_SPECIFIED);
229
230 }
231
232 static void torture_creds_krb5_state(void **state)
233 {
234 TALLOC_CTX *mem_ctx = *state;
235 struct cli_credentials *creds = NULL;
236 struct loadparm_context *lp_ctx = NULL;
237 enum credentials_obtained kerberos_state_obtained;
238 enum credentials_use_kerberos kerberos_state;
239 bool ok;
240
241 lp_ctx = loadparm_init_global(true);
242 assert_non_null(lp_ctx);
243
244 creds = cli_credentials_init(mem_ctx);
245 assert_non_null(creds);
246 kerberos_state_obtained =
247 cli_credentials_get_kerberos_state_obtained(creds);
248 kerberos_state = cli_credentials_get_kerberos_state(creds);
249 assert_int_equal(kerberos_state_obtained, CRED_UNINITIALISED);
250 assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
251
252 ok = cli_credentials_set_conf(creds, lp_ctx);
253 assert_true(ok);
254 kerberos_state_obtained =
255 cli_credentials_get_kerberos_state_obtained(creds);
256 kerberos_state = cli_credentials_get_kerberos_state(creds);
257 assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
258 assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
259
260 ok = cli_credentials_guess(creds, lp_ctx);
261 assert_true(ok);
262 kerberos_state_obtained =
263 cli_credentials_get_kerberos_state_obtained(creds);
264 kerberos_state = cli_credentials_get_kerberos_state(creds);
265 assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
266 assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
267 assert_int_equal(creds->ccache_obtained, CRED_GUESS_FILE);
268 assert_non_null(creds->ccache);
269
270 ok = cli_credentials_set_kerberos_state(creds,
271 CRED_USE_KERBEROS_REQUIRED,
272 CRED_SPECIFIED);
273 assert_true(ok);
274 kerberos_state_obtained =
275 cli_credentials_get_kerberos_state_obtained(creds);
276 kerberos_state = cli_credentials_get_kerberos_state(creds);
277 assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
278 assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
279
280 ok = cli_credentials_set_kerberos_state(creds,
281 CRED_USE_KERBEROS_DISABLED,
282 CRED_SMB_CONF);
283 assert_false(ok);
284 kerberos_state_obtained =
285 cli_credentials_get_kerberos_state_obtained(creds);
286 kerberos_state = cli_credentials_get_kerberos_state(creds);
287 assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
288 assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
289
290 }
291
292 static void torture_creds_gensec_feature(void **state)
293 {
294 TALLOC_CTX *mem_ctx = *state;
295 struct cli_credentials *creds = NULL;
296 bool ok;
297
298 creds = cli_credentials_init(mem_ctx);
299 assert_non_null(creds);
300 assert_int_equal(creds->gensec_features_obtained, CRED_UNINITIALISED);
301 assert_int_equal(creds->gensec_features, 0);
302
303 ok = cli_credentials_set_gensec_features(creds,
304 GENSEC_FEATURE_SIGN,
305 CRED_SPECIFIED);
306 assert_true(ok);
307 assert_int_equal(creds->gensec_features_obtained, CRED_SPECIFIED);
308 assert_int_equal(creds->gensec_features, GENSEC_FEATURE_SIGN);
309
310 ok = cli_credentials_set_gensec_features(creds,
311 GENSEC_FEATURE_SEAL,
312 CRED_SMB_CONF);
313 assert_false(ok);
314 assert_int_equal(creds->gensec_features_obtained, CRED_SPECIFIED);
315 assert_int_equal(creds->gensec_features, GENSEC_FEATURE_SIGN);
316 }
317
318 static const char *torture_get_password(struct cli_credentials *creds)
319 {
320 return talloc_strdup(creds, "SECRET");
321 }
322
323 static void torture_creds_password_callback(void **state)
324 {
325 TALLOC_CTX *mem_ctx = *state;
326 struct cli_credentials *creds = NULL;
327 const char *password = NULL;
328 enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
329 bool ok;
330
331 creds = cli_credentials_init(mem_ctx);
332 assert_non_null(creds);
333
334 ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED);
335 assert_true(ok);
336 ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
337 assert_true(ok);
338
339 ok = cli_credentials_set_password_callback(creds, torture_get_password);
340 assert_true(ok);
341 assert_int_equal(creds->password_obtained, CRED_CALLBACK);
342
343 password = cli_credentials_get_password_and_obtained(creds,
344 &pwd_obtained);
345 assert_int_equal(pwd_obtained, CRED_CALLBACK_RESULT);
346 assert_string_equal(password, "SECRET");
347 }
348
349 int main(int argc, char *argv[])
350 {
351 int rc;
352 const struct CMUnitTest tests[] = {
353 cmocka_unit_test(torture_creds_init),
354 cmocka_unit_test(torture_creds_init_anonymous),
355 cmocka_unit_test(torture_creds_guess),
356 cmocka_unit_test(torture_creds_anon_guess),
357 cmocka_unit_test(torture_creds_parse_string),
358 cmocka_unit_test(torture_creds_krb5_state),
359 cmocka_unit_test(torture_creds_gensec_feature),
360 cmocka_unit_test(torture_creds_password_callback)
361 };
362
363 if (argc == 2) {
364 cmocka_set_test_filter(argv[1]);
365 }
366 cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
367
368 rc = cmocka_run_group_tests(tests,
369 setup_talloc_context,
370 teardown_talloc_context);
371
372 return rc;
373 }
Samba GIT mirror